A very serious vulnerability has been discovered in a number of Cisco routers that allows threat actors to bypass authentication, gain root access to the endpoint, and, in the second stage of the attack, execute arbitrary commands on the underlying operating system.
The news comes courtesy of Cisco itself, which said it would not fix the flaw, as it was discovered in endpoints that have reached end-of-life. The flaw, tracked as CVE-2023-20025, affects Cisco Small Business RV016, RV042, RV042G, and RV082 routers. By sending a custom HTTP request to the vulnerable routers’ web-based management interface, the attackers can bypass the device’s authentication and exploit it remotely.
The attackers could then take advantage of a second vulnerability, the also recently disclosed CVE-2023-2002, to execute arbitrary commands on the device’s operating system.
Block important ports
The bugs are rated “critical” but Cisco won’t address them, especially since the devices in question are no longer supported by the company. However, BleepingComputer found that RV042 and RV042G routers were on sale until January 30, 2020, and will enjoy the company’s support until January 31, 2025.
There are no workarounds for the flaw, but administrators can disable the router’s web-based management interface or block access to ports 443 and 60443, which should help block potential attacks.
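One way to confirm that the port block described above is in effect, as an added example that is not from Cisco or the original article: the script attempts TCP connections to ports 443 and 60443 on router addresses the operator supplies and reports any that still accept them. The function names and the open/closed/filtered labels are this example's own.

```python
import socket
import sys

# Ports the article says to block on the routers' web management interface.
MGMT_PORTS = (443, 60443)


def probe(host, port, timeout=2.0):
    """Classify one TCP port: 'open', 'closed' (refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # Timeouts and unreachable-host errors: traffic is being dropped somewhere.
        return "filtered"


def audit(hosts, ports=MGMT_PORTS, timeout=2.0):
    """Return {host: [ports]} for every host that still accepts a connection."""
    exposed = {}
    for host in hosts:
        still_open = [p for p in ports if probe(host, p, timeout) == "open"]
        if still_open:
            exposed[host] = still_open
    return exposed


if __name__ == "__main__":
    # Router addresses come from the operator's own inventory, one per argument.
    findings = audit(sys.argv[1:])
    for host, ports in findings.items():
        print(f"{host}: management interface still reachable on {ports}")
    # Non-zero exit lets a scheduled job alert when the block has regressed.
    sys.exit(1 if findings else 0)
```

Run it from each network segment that is supposed to be blocked, since a firewall rule can hold on one path and be missing on another.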
This isn’t the first time Cisco has decided not to fix critical authentication bypass vulnerabilities. In September, BleepingComputer notes, a similar flaw was discovered in the end-of-life RV110W, RV130, RV130W, and RV2015W routers. At the time, Cisco suggested customers move to RV132W, RV160, and RV160W.
In June, a critical remote code execution (RCE) flaw (tracked as CVE-2022-20825) was found and left unchecked.
Routers are a critical part of data transfer and as such are a prime target for cybercriminals. Therefore, it is not uncommon for cybersecurity researchers and OEMs to find and fix serious flaws on a regular basis. However, unpatched flaws can wreak havoc on a network because threat actors don’t have to discover new vulnerabilities on their own – they can simply leverage what is already widely known.
Via: BleepingComputer